Friday, September 25, 2009

Free Realms: Computer Virus!!

This latest post has nothing to do directly with Free Realms, but instead has to do with all PC game players and computer users in general.

There is a nasty new computer virus going around that infects Windows PCs with a rootkit and installs itself into System Restore data via zero-day flaws. It is particularly hard to remove and is targeting PC gamers to gain access to their accounts, so the criminals can steal the passwords and sell them on auction sites.

Gamers of EverQuest, World of Warcraft, and other MMORPGs should be aware of this virus. Here is the official post on it...

Windows system restore targeted by virtual identity thieves
Thursday, September 24, 2009

The dogrobot virus that plagues Chinese internet cafes is being used to hijack online gaming account credentials, which can then be re-sold online.

The technique used to infect computers with the virus offers a unique advantage to cyber criminals: it infiltrates Windows' system restore functionality, so that computers remain infected even after complete reversion to a previously defined system restore point. This is accomplished via a combination of rootkits and zero-day flaws, which makes dogrobot difficult to clean from infected systems.

Experts say that the malware is a sophisticated delivery system for the dogrobot virus, which has been heavily modified to skirt security software and remain invisible on affected systems. This, in addition to its resistance to removal, makes the malware exceptionally suited to the theft of virtual identities for games like EverQuest and World of Warcraft.

Some online avatars can fetch hundreds of dollars at auction and sales websites, and an extensive market for virtual items and in-game money exists as well. Microsoft anti-virus researcher Chun Feng told ZDNet that the dogrobot group of viruses has cost Chinese internet cafes over $1.2 billion in losses.

--------------------

GENEVA -- Cyber crime gangs in China are penetrating the hard disk recovery cards on computers in Internet cafes and using a combination of zero-day flaws, rootkits and ARP spoofing techniques to steal billions of dollars worth of online gaming credentials.

According to Microsoft anti-virus researcher Chun Feng, five generations of the Win32/Dogrobot malware family have perfected the novel rootkit technique to hijack System Restore on Windows — effectively allowing the malicious file to survive even after the compromised machine is reverted to its previous clean state.

At the Virus Bulletin 2009 conference here, Feng provided a fascinating look at the techniques used by Dogrobot, which is directly linked to the lucrative underground trading of online gaming assets like passwords and virtual property.

According to data presented by Feng, the Dogrobot family has caused more than USD$1.2 billion in losses to Chinese Internet cafes.

He explained that earlier Dogrobot used disk-level I/O file manipulation to penetrate System Restore but, as the malware evolved, it started using a “backdoor” that already exists in the System Restore functionality. A third generation introduced extensive unhooking code to thwart the protection offered by security programs and avoid removal.

Along the way, Feng discovered that newer variants were tweaked to get around security software and strengthen the code’s ability to maintain persistent stealth on compromised Windows computers.

In China, Internet cafes are very popular among the online gaming crowd where the use of USB sticks with account credentials is the norm. Dogrobot takes advantage of this, abusing the USB AutoRun functionality on older machines to propagate.

He explained that the malware author has found success exploiting zero-day ActiveX vulnerabilities and other flaws in Windows OS and third-party software — especially RealPlayer and WebThunder.

The attackers also use ARP cache poisoning to send malicious ARP packets to instruct other machines within the same LAN to download Dogrobot samples.
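As an added illustration of the ARP cache poisoning described in the article above (example code written for this edit, not from the blog, from Feng's research or from Microsoft), here is a small Python detector that reads a log of ARP replies and flags the two symptoms a defender would watch for on a LAN: an IP address whose MAC binding suddenly changes, and a single MAC that claims several IP addresses. The log format and the sample lines are constructed assumptions, not a capture from an infected cafe.

```python
"""Flag ARP cache poisoning from a log of ARP replies (added example).

Assumed log format, one reply per line (constructed for this example):
    <timestamp> <sender_ip> is-at <sender_mac>
"""
from collections import defaultdict

# Constructed sample: 10.0.0.1 is the gateway. At 12:00:04 the host with
# MAC ...:66 starts answering for the gateway and then for 10.0.0.5, which
# is the classic pattern of a machine poisoning its neighbours' ARP caches.
SAMPLE_ARP_LOG = """\
12:00:01 10.0.0.1 is-at 00:11:22:33:44:01
12:00:02 10.0.0.5 is-at 00:11:22:33:44:05
12:00:03 10.0.0.66 is-at 00:11:22:33:44:66
12:00:04 10.0.0.1 is-at 00:11:22:33:44:66
12:00:05 10.0.0.5 is-at 00:11:22:33:44:66
12:00:06 10.0.0.7 is-at 00:11:22:33:44:07
"""


def parse_arp_line(line):
    """Return (timestamp, ip, mac) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "is-at":
        return None
    return parts[0], parts[1], parts[3].lower()


def detect_arp_poisoning(log_text, max_ips_per_mac=1):
    """Return a list of alert dicts, in log order.

    Two heuristics are applied to every reply:
      * 'binding-change': the IP was previously seen with a different MAC
        (someone is overwriting a victim's cache entry for that IP).
      * 'multi-ip-mac': the sender MAC now claims more than max_ips_per_mac
        distinct IPs (one machine impersonating several LAN hosts).
    """
    ip_to_mac = {}               # last MAC seen claiming each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for line in log_text.splitlines():
        rec = parse_arp_line(line)
        if rec is None:
            continue
        ts, ip, mac = rec
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "kind": "binding-change", "ip": ip,
                           "mac": mac, "previous_mac": previous})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append({"time": ts, "kind": "multi-ip-mac", "ip": ip,
                           "mac": mac, "claimed": sorted(mac_to_ips[mac])})
    return alerts


def suspect_macs(alerts):
    """The set of MACs named in any alert: the hosts worth isolating first."""
    return {a["mac"] for a in alerts}


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_LOG):
        print(alert)
    print("suspects:", suspect_macs(detect_arp_poisoning(SAMPLE_ARP_LOG)))
```

Both checks are heuristics: a DHCP lease moving to a new host also produces a binding change, and a router legitimately answers for many IPs when proxy ARP is enabled, so in practice the gateway and known proxy-ARP devices are whitelisted and a binding change is corroborated against a static table of known hosts before the offending machine is pulled off the cafe's LAN.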

Thank you for viewing my blog, and check back daily for updates on Free Realms and EverQuest.